These are the key pieces of legislation you need to be able to identify and a brief explanation about each one.

The Care Act 2014

2014 Regulations state that care providers must have effective governance, including assurance and auditing systems or processes. 

This includes securely maintaining accurate, complete and detailed records in respect of each person using the service and records relating to the employment of staff and the overall management of the regulated activity.

This inspected by the Care Quality Commission (CQC). You can see the regulations using this link – CQC Regulations.

Data Protection Act 2018

Digital technology has transformed almost every aspect of our lives in the twenty years since the last Data Protection Act was passed. The new Data Protection Act:

• Makes our data protection laws fit for the digital age in which an ever increasing amount of data is being processed.
• Empowers people to take control of their data.

GDPR

The General Data Protection Regulation

General Data Protection Regulations (GDPR) is a Europe-wide law that replaces the Data Protection Act 1998 in the UK. GDPR sets out requirements for how organisations should handle personal data from 25 May 2018. 

Freedom of Information Act 2000 (FOI)

The FOI says that most public authorities have a legal obligation to provide information through an approved publication scheme and in response to requests for information. 

If you work for a local authority, your employer will have one or more specialists responsible for requests made under this Act. You will need to find out who this is and what procedures you should follow if a request for information is made direct to you. 

Anyone can request information – there are no restrictions on your age, nationality or where you live.

You can read more about the FOI Act here.

Caldicott Guardians

Caldicott Guardians are experts on confidentiality issues and access to individuals’ records. They can give advice on any concerns you may have about a case. They are experienced people nominated in organisations who are responsible for safeguarding the confidentiality of individuals’ information. 

Two key components of maintaining confidentiality are the integrity of information and its security: 

• Integrity is achieved by the accuracy and completeness of information using proper processing methods. Security measures are needed to protect information from a wide variety of threats.

The Caldicott Principles

The Caldicott principles and recommendations apply specifically to information that identifies individuals and emphasise the need for controls over the availability of this information and access to it. 

There are seven Caldicott principles (one more was added in 2013): 

1. Justify the purpose(s) of every proposed use or transfer.
2. Do not use it unless it is absolutely necessary.
3. Use the minimum necessary. 
4. Access to it should be on a strict need-to-know basis.
5. Everyone with access to it should be aware of their responsibilities.
6. Understand and comply with the law.
7. The duty to share information can be as important as the duty to protect patient confidentiality.

You can read more about the Caldicott principles here.

The Information Commissioner’s Office

The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Their website has lots of information about recording, storing and sharing information under the legislation.